Fluid Attacks Database

Description

Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 12	libcatalyst-plugin-authentication-perl	=0.10023-4 \|\| =0.10024-1 \|\| =0.10026-1
debian 13	libcatalyst-plugin-authentication-perl	=0.10024-1 \|\| =0.10026-1
debian 11	libcatalyst-plugin-authentication-perl	=0.10023-3 \|\| =0.10023-4 \|\| =0.10024-1 \|\| =0.10026-1
debian 14	libcatalyst-plugin-authentication-perl	=0.10024-1 \|\| =0.10026-1

Aliases

1. CVE-2009-100072. NVD-2009-100073. OSV-DEBIAN-2009-100074. OSV-2009-100075. SECURITY-TRACKER-CVE-2009-10007

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.